General

  • Target

    a80c38ce9337003bf669ae1725e4d38999152bf078148c4658e753cfe4c7a306N

  • Size

    55KB

  • Sample

    241109-r134qavqcy

  • MD5

    4e31d94938d6c84cd0f51d195ee8dfa0

  • SHA1

    a480396ab16facfad48a9a1fa9abf4448f93a72d

  • SHA256

    a80c38ce9337003bf669ae1725e4d38999152bf078148c4658e753cfe4c7a306

  • SHA512

    be8cb4584bab006726cb5c4fd5fbdf9cd366a09f4f413bb738dfbd25afbdc120a87dc54595c5bffa455e7974928643c3257b0604917a91abba2a8800bfc7e13b

  • SSDEEP

    1536:OmOckdEKAdmetEnwCyz1vbGoMNSoNSd0A3shxD6:Omt7YnwC+1vbG/NXNW0A8hh

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a80c38ce9337003bf669ae1725e4d38999152bf078148c4658e753cfe4c7a306N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
